1. Field of the Invention
This invention relates to data communications, and in particular, but not exclusively, to the communication of data via a public data communications network such as the Internet.
2. Description of Related Art
Due to the inherently insecure nature of data communications via the Internet, and due to the sensitive nature of some information which is transmitted, various proposals have been made for the encryption of data for transmission. Thus, although third parties may be able to intercept messages, third parties will only be able to read the data within the message if they are able to decrypt the message using an appropriate encryption key.
In public-key cryptography, such as that used in the RSA cryptography system, each person who is to receive encrypted data has a public key which is made available to anyone wishing to send that person data, and a private key which remains confidential. Data encrypted with the public key can only be decrypted with their private key. This system suffers drawbacks in that, in order to send another party an encrypted message, the sending party must know the public key of the receiving party. Also, the authenticity of the sending party cannot readily be identified since the public key is, by definition, available to any other party.
Another type of encryption system is secret-key cryptography, also referred to as symmetric cryptography. In secret-key cryptography, the sending party and the receiving party share a common secret encryption key, which is used both to encrypt data before transmission, and to decrypt the data after reception. One drawback of this system is that the two parties must, before transmission of the encrypted data, have agreed upon the shared secret key to be used.
A further problem encountered in communications over the Internet is that of the authentication of a user. For example, when a conventional Web server contains premium content documents, the Web server checks a username and password, which must be previously established, transmitted with a document request, each time a premium content document is requested. Many Web pages contain a number of documents (e.g. text files, image files, sound files), for each of which the username and password check is necessary. This password-based authentication procedure is resource intensive, particularly when the user wishes to have access to a large number of documents.
WO 96 42041 A describes an authentication server which performs authentication of a client terminal and then issues a Re-direct command to re-direct the client terminal to a desired content server. The Re-direct command provides a Uniform Resource Locator (URL) which, in addition to the normal URL of the content server, also includes what is referred to as a “session identification” (SID), which the content server may validate entirely independently of the authentication server when it receives a Get command, which includes the modified URL, from the client terminal. Therefore, the authentication server in effect issues a “ticket” which is valid for a predetermined amount of time, and which includes self-validating means in the form of a digital signature, whereby, once the client terminal has a ticket, accesses guaranteed to the content server (providing the expiry period of the ticket has not lapsed).